IRC Logs for #crux-devel Saturday, 2010-10-23

*** kreed has joined #crux-devel02:46
*** pitillo has quit IRC03:40
*** pitillo has joined #crux-devel03:42
*** aubic has quit IRC03:57
*** jue has joined #crux-devel04:16
juefrinnst: thanks for the link, missed that issue04:18
juecan confirm that the exploit works for us ;)04:19
jueand the suggested fix from RH seems to fix it -> http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html04:21
juebut IMO we should wait for Ulrich's review, see his response in the above thread04:22
jueI've added a glibc-port with that patch to my private repo:04:27
juehttpup sync http://jue.li/crux/ports/#glibc glibc04:28
*** kreed has quit IRC04:33
*** kreed has joined #crux-devel04:50
juebbl04:51
*** jue has quit IRC05:24
*** jue has joined #crux-devel05:35
*** mike_k has joined #crux-devel07:49
juere08:00
juetilman: you've seen the glibc issue?08:08
tilmanyes, buti haven't seen a fix that08:11
tilmans/that/yet/08:11
*** pitillo has quit IRC08:13
juedo you agree to wait until we get a "official" fix/response from Drepper?08:14
juetilman: ?08:28
tilmanyup08:40
*** pitillo has joined #crux-devel08:44
juesorry, I've mixed up the two similar problems a bit, will try to clarify the things:09:41
juethere are two different CVE's wrt glibc and LD_AUDIT09:41
juea) CVE-2010-384709:42
jue-> Ann: http://seclists.org/fulldisclosure/2010/Oct/25709:42
jue-> Fix: http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html09:42
jueb) CVE-2010-385609:42
jue-> Ann: http://seclists.org/fulldisclosure/2010/Oct/34409:42
jue-> Fix: http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html09:42
juelooks like we are not vulnerable to a), see http://seclists.org/oss-sec/2010/q4/6909:42
tilmanoh boy09:42
tilmani hadn't seen the second one yet09:42
jueBut anyway, I've updated the glibc-port in my repo now with both patches09:42
juewell, the second is serious for us, I've been able to get a root shell09:43
*** nthwyatt has quit IRC10:32
*** jue has quit IRC10:33
*** nthwyatt has joined #crux-devel10:33
*** jue has joined #crux-devel10:35
juehmm, that's surprisingly: 125 downloads of the i586' version11:48
*** jue has quit IRC15:33
*** mike_k has quit IRC16:21
*** kreed has quit IRC17:14
*** mavrick61 has quit IRC21:40
*** mavrick61 has joined #crux-devel21:42

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!